Threat of the Month: A physical compromise

Fast, novel, automated: threats are routinely getting past traditional security tools. Security now, more than ever, needs to be top of the CEO’s agenda.

We are seeing a host of new, innovative threats attacking companies on a daily basis. A recent example, detected by Darktrace’s ‘immune system’ approach, highlights how machine learning can help in this new era of advanced threats. Within a week of installing threat detection software into one customer’s security stack, Darktrace discovered a serious compromise.

An attacker had successfully exploited the company’s fingerprint scanner, and gained access to the fingerprint records stored by the system. This access to sensitive data gave the attacker the potential to illegitimately transfer fingerprint details and gain unauthorised access to the company premises.

The use of fingerprint scanners indicates the company had a strong willingness to protect its physical assets. Increased connectivity meant that these scanners could be integrated into its IT network, allowing the efficient management of physical access controls.

However, interconnected systems also introduced a new attack vector for cyber attackers attempting to compromise these physical defences. The close association of physical and network resources meant that remote attackers could gain physical access to the company premises.

Traditional anti-malware solutions failed to detect this subtle activity. Unfortunately, the activity didn’t correspond to any known attack ‘signature’. The attacker’s movement was uncovered by machine learning techniques, which had learnt the scanner’s normal day-to-day activities and recognised that it had started behaving abnormally. Subsequently, we were able to trace the attacker’s movements within the network as they exploited well-known vulnerabilities in the scanner’s software.

This was the work of an intelligent attacker, capable of subtly blending in with standard network behaviour. However, through unsupervised machine learning, we were able to detect the threat before it progressed and inflicted real damage.

Needless to say, the threat was reported to the CEO. However, it was a question of a threat thwarted, and an experience that both the company and its technology have learnt from.

Digital attacks can have physical implications. The good news is that today’s technologies are battling digital complexity and giving the attackers as good as they get.